Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s2PHz-002iWe-NF for pgsql-general@arkaria.postgresql.org; Thu, 02 May 2024 05:47:27 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s2PHv-00FuWZ-Nn for pgsql-general@arkaria.postgresql.org; Thu, 02 May 2024 05:47:24 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s2PHv-00FuWR-D7 for pgsql-general@lists.postgresql.org; Thu, 02 May 2024 05:47:24 +0000 Received: from mail-vk1-xa2e.google.com ([2607:f8b0:4864:20::a2e]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s2PHt-0017bN-Cm for pgsql-general@lists.postgresql.org; Thu, 02 May 2024 05:47:23 +0000 Received: by mail-vk1-xa2e.google.com with SMTP id 71dfb90a1353d-4daa91c0344so2876051e0c.3 for ; Wed, 01 May 2024 22:47:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714628839; x=1715233639; darn=lists.postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=IZBT73NVAfKEfBKNvwrOFklTGT8mjlnjqwnrmAqFSn0=; b=SuixBaSP5iCx0e3EF8mhdKF003jLQSLZPQO0PPI2No9iNruXv/s8XEI+kh89X1+98T UQBT7FXcz0VgZSj41i+hBBtZnt3Lg39lwn2pAshUPYHAcBbHGx12svZzvrCSOExISjkz CKivJmHW7lXS7tbxuEq/41yDkrCVXe/umIsVuLhdNEsahtM95qzhuZb76WZDPo1dj4Pe bCZQwT+KJvRAbBWhjCwivCucwqfsPye8UQFGR4/MYFcqLX7QWqx6iUnz4ZXxFOIL5Tiy MDoKHgm9UQdHhjnAPn63KrcxU7kNlfhXex55LVc+QixSKxsrOmajhZsrShqM57a7v92x kSLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714628839; x=1715233639; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=IZBT73NVAfKEfBKNvwrOFklTGT8mjlnjqwnrmAqFSn0=; b=SHU+dpO6DHW/D0zatLvnSivE0kB6Gv+JYdXhRfa3sSnqTL3jRL/PxgwhqJquQ10Nly GzSnbkvXFqVbL9xxIKkU2wtybQX5mTmnL8XO+RVBHrc8Z4/1gbOHB66DFsPYFznomB7b VuCfkeI8cgEFd6qZYHNR8PXVvyF1HT6eUoXYrmflsKSy9xXxVKeijqE/RCq2jI0VxKN0 Y9gHFOBso0tFYLhQkyf8qlEzRE/rs3TrqzVVdQA9viemSPEBzdpMF7xcJqrmo/wLCn7s hvFEjhl1XUO0rYCLkymj9L3ELj4eKyEAgVffjF38vLtDeS4QTSwQNaGF+l3kZKFMvn2B yTcA== X-Gm-Message-State: AOJu0Ywe8sSG2oGb0xKIeAqWVOjwp6Uwc20V4M4m20xcmlb2eebjleTy w/sbub8QYEQL0nZeywCqmcTGCLC8eKj0aMi9Z/AVoKSKhdzRiafXO6vPxNzqKC5XTa0S1WNJtyf /Uj++mZn/skCvYlG3fQu6z3/OoF2bdQe8iyz6bw== X-Google-Smtp-Source: AGHT+IHbveLMdLoKd30y7r0z0+sPxdOzB9h6fmggmfl3S14pz4HCIKNiYEshdjxQ54RH6ySLDcVBH8qDBW4AB0uSLCs= X-Received: by 2002:a05:6122:169e:b0:4d3:3b1b:aa92 with SMTP id 30-20020a056122169e00b004d33b1baa92mr5124261vkl.11.1714628838831; Wed, 01 May 2024 22:47:18 -0700 (PDT) MIME-Version: 1.0 From: RAJAMOHAN Date: Thu, 2 May 2024 11:16:42 +0530 Message-ID: Subject: Prevent users from executing pg_dump against tables To: pgsql-general@lists.postgresql.org Content-Type: multipart/alternative; boundary="000000000000dc3e6e0617722294" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000dc3e6e0617722294 Content-Type: text/plain; charset="UTF-8" Hello all, In our production db infrastructure, we have one read_only role which has read privileges against all tables in schema A. We are planning to grant this role to some developers for viewing the data, but also I want to limit the users from executing statements like copy or using pg_dump. Main reason being I don't want the data to be copied from the database to their local machines. I tried by implementing triggers, but was not able to figure out a way to restrict the pg_dump and allow only select statements. Postgresql version - 12 Ec2 based postgres database Is there a way to implement this? Please advise. Thanks & Regards, Rajamohan.J Devops Cloud Architect Email:garajamohan@gmail.com --000000000000dc3e6e0617722294 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello all,

In our production= db infrastructure, we have one read_only role which has read privileges ag= ainst all tables in schema A.

We are planning to g= rant this role to some developers for viewing the data, but also I want to = limit the users from executing statements like copy or using pg_dump. Main = reason being I don't want the data to be copied from the database to th= eir local machines.

I tried by implementing trigge= rs, but was not able to figure out a way to restrict the pg_dump and allow = only select statements.

Postgresql version - 12
Ec2 based postgres database=C2=A0

Is there= a way to implement this? Please advise.


Thanks & Regards,
=
Rajamohan.J
Devops Cloud Architect
--000000000000dc3e6e0617722294--